Merge pull request #81 from TEDx-SJEC/bug_fix

Bug fix
TEDx-SJEC · Nov 26, 2024 · e4a4e90 · e4a4e90
2 parents c2358eb + ea1cb54
commit e4a4e90
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 96 deletions.
diff --git a/src/app/api/create-order/route.ts b/src/app/api/create-order/route.ts
@@ -1,8 +1,13 @@
 import { NextRequest, NextResponse } from "next/server";
 import { razorpay } from "@/lib/razorpay";
 import { randomUUID } from "crypto";
+import { getServerSideSession } from "@/lib/get-server-session";
 
 export async function POST(request: NextRequest) {
+      const session = await getServerSideSession();
+      if (!session) {
+          return NextResponse.json({ message: "No session", isOk: false }, { status: 400 });
+      }
     const { amount } = await request.json();
     if (!amount || typeof amount !== "number" || amount <= 0) {
         return NextResponse.json({ error: "Invalid amount" }, { status: 400 });

diff --git a/src/app/api/users/payment/route.ts b/src/app/api/users/payment/route.ts
@@ -5,6 +5,14 @@ import { NextRequest, NextResponse } from "next/server";
 export const dynamic = "force-dynamic";
 
 export async function GET(request: NextRequest) {
+  const session = await getServerSideSession();
+  if (!session) {
+      return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+  }
+
+  if (session.user?.role !== "ADMIN") {
+      return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+  }
   const { searchParams } = new URL(request.url);
   try {
     const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));

diff --git a/src/app/api/users/route.ts b/src/app/api/users/route.ts
@@ -1,49 +1,57 @@
+import { getServerSideSession } from "@/lib/get-server-session";
 import prisma from "@/server/db";
 import { NextResponse } from "next/server";
 export const dynamic = "force-dynamic";
+
 export async function GET(req: Request) {
-  const { searchParams } = new URL(req.url);
-  try {
-    const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));
-    const search = searchParams.get("search") || "";
-    const limit = 10;
+    const session = await getServerSideSession();
+    if (!session) {
+        return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+    }
+
+    if (session.user?.role !== "ADMIN") {
+        return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+    }
+
+    const { searchParams } = new URL(req.url);
+    try {
+        const page = Math.max(1, parseInt(searchParams.get("page") || "1", 10));
+        const search = searchParams.get("search") || "";
+        const limit = 10;
 
-    const [users, totalCount] = await Promise.all([
-      prisma.user.findMany({
-        skip: (page - 1) * limit,
-        take: limit,
-        where: {
-          name: {
-            contains: search,
-          },
-        },
-      }),
-      prisma.user.count({
-        // Get the total number of users for pagination
-        where: {
-          name: {
-            contains: search,
-          },
-        },
-      }),
-    ]);
+        const [users, totalCount] = await Promise.all([
+            prisma.user.findMany({
+                skip: (page - 1) * limit,
+                take: limit,
+                where: {
+                    name: {
+                        contains: search,
+                    },
+                },
+            }),
+            prisma.user.count({
+                // Get the total number of users for pagination
+                where: {
+                    name: {
+                        contains: search,
+                    },
+                },
+            }),
+        ]);
 
-    const totalPages = Math.ceil(totalCount / limit);
+        const totalPages = Math.ceil(totalCount / limit);
 
-    return NextResponse.json({
-      users,
-      pagination: {
-        currentPage: page,
-        totalPages,
-        totalCount,
-        limit,
-      },
-    });
-  } catch (error) {
-    console.error("Failed to fetch users:", error);
-    return NextResponse.json(
-      { message: "Failed to fetch users", status: 500 },
-      { status: 500 },
-    );
-  }
+        return NextResponse.json({
+            users,
+            pagination: {
+                currentPage: page,
+                totalPages,
+                totalCount,
+                limit,
+            },
+        });
+    } catch (error) {
+        console.error("Failed to fetch users:", error);
+        return NextResponse.json({ message: "Failed to fetch users", status: 500 }, { status: 500 });
+    }
 }
diff --git a/src/app/api/verify-order/[id]/route.ts b/src/app/api/verify-order/[id]/route.ts
@@ -1,19 +1,18 @@
 import { authOptions } from "@/lib/auth-options";
+import { getServerSideSession } from "@/lib/get-server-session";
 import { razorpay } from "@/lib/razorpay";
 import { getServerSession } from "next-auth/next";
 import { NextRequest, NextResponse } from "next/server";
 
 export async function GET(request: NextRequest, context: { params: { id: string } }) {
-    // Check authentication
-    // const session = await getServerSession(authOptions);
-    // if (!session) {
-    //     return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
-    // }
+    const session = await getServerSideSession();
+    if (!session) {
+        return NextResponse.json({ message: "Unauthorized" }, { status: 401 });
+    }
 
-    // // Check authorization (assuming 'role' is part of the session)
-    // if (session.user?.role !== "ADMIN") {
-    //     return NextResponse.json({ message: "Forbidden" }, { status: 403 });
-    // }
+    if (session.user?.role !== "ADMIN") {
+        return NextResponse.json({ error: "Unauthorized" }, { status: 403 });
+    }
 
     const { id } = context.params;
 

diff --git a/src/app/api/verify-order/route.ts b/src/app/api/verify-order/route.ts
@@ -5,52 +5,43 @@ import { sendRegistrationEmail } from "@/lib/send-registration-email";
 import { generatedSignature } from "@/lib/helper";
 
 export async function POST(request: NextRequest) {
-  const { orderId, razorpayPaymentId, razorpaySignature, amount } =
-    await request.json();
-  const session = await getServerSideSession();
-  if (!session) {
-    return NextResponse.json(
-      { message: "No session", isOk: false },
-      { status: 400 },
-    );
-  }
-  const signature = generatedSignature(orderId, razorpayPaymentId);
-  if (signature !== razorpaySignature) {
-    return NextResponse.json(
-      { message: "payment verification failed", isOk: false },
-      { status: 400 },
-    );
-  }
-  if (signature === razorpaySignature) {
-    const user = await prisma.user.findUnique({
-      where: {
-        email: session.user?.email!,
-      },
-    });
+    const session = await getServerSideSession();
+    if (!session) {
+        return NextResponse.json({ message: "No session", isOk: false }, { status: 400 });
+    }
+    const { orderId, razorpayPaymentId, razorpaySignature, amount } = await request.json();
+
+    const signature = generatedSignature(orderId, razorpayPaymentId);
+    if (signature !== razorpaySignature) {
+        return NextResponse.json({ message: "payment verification failed", isOk: false }, { status: 400 });
+    }
+    if (signature === razorpaySignature) {
+        const user = await prisma.user.findUnique({
+            where: {
+                email: session.user?.email!,
+            },
+        });
 
-    try {
-      await sendRegistrationEmail({
-          email: session.user?.email!,
-          name: session.user?.name!,
-          registrationLink: `${process.env.NEXT_PUBLIC_SITE_URL}/admin/verify/${razorpayPaymentId}`,
-      });
-    } catch (error) {
-      console.log(error);
+        try {
+            await sendRegistrationEmail({
+                email: session.user?.email!,
+                name: session.user?.name!,
+                registrationLink: `${process.env.NEXT_PUBLIC_SITE_URL}/admin/verify/${razorpayPaymentId}`,
+            });
+        } catch (error) {
+            console.log(error);
+        }
+        await prisma.$transaction(async (prisma) => {
+            await prisma.payment.create({
+                data: {
+                    amount: amount,
+                    orderCreationId: orderId,
+                    razorpayPaymentId: razorpayPaymentId,
+                    signature: razorpaySignature,
+                    user: { connect: { email: session.user?.email! } },
+                },
+            });
+        });
+        return NextResponse.json({ message: "payment verified successfully", isOk: true }, { status: 200 });
     }
-    await prisma.$transaction(async (prisma) => {
-      await prisma.payment.create({
-        data: {
-          amount: amount,
-          orderCreationId: orderId,
-          razorpayPaymentId: razorpayPaymentId,
-          signature: razorpaySignature,
-          user: { connect: { email: session.user?.email! } },
-        },
-      });
-    });
-    return NextResponse.json(
-      { message: "payment verified successfully", isOk: true },
-      { status: 200 },
-    );
-  }
 }